000035776 - MetaCallback feeds do not support ranged indices (IP range or CIDR) in RSA Security Analytics 10.6

Document created by RSA Customer Support Employee on Nov 23, 2017Last modified by RSA Customer Support Employee on Jan 6, 2018
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000035776
Applies ToRSA Product Set: NetWitness Logs & Packets, Security Analytics
RSA Product/Service Type: Packet Decoder, Log Decoder, Content, Custom Feeds
RSA Version/Condition: 10.6.x
Platform: CentOS
O/S Version: EL6
IssueRSA Security Analytics does not support CIDR when the MetaCallback option is selected. Ranged indices are still required for feeds that only need ip.src or ip.dst, but not both.
ResolutionIn 10.6.5, support is provided for MetaCallback feeds for CIDR on Decoder and Log Decoder devices using the existing custom feed advanced configuration wizard. To access the wizard, go to Live > Feeds, > Custom Feed > Advanced Configuration Wizard, and use the xml feed definition file.
You can also upload xml and feed binary files using the REST interface with /decoder/parsers/upload.